Forum Discussion
Limiting the upload of classified files to sensitive SharePoint Online sites - MCAS file policy
I'm working with a client who has rolled out AIP labels and is looking to block where users can post these files internally. Example: if I have a "sensitive" file (based on its label), can I prevent it from being uploaded to a SharePoint site with a specific label? (using site classification labels or property bag values) https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/modern-experience-site-classification
I've been able to configure the MCAS file policy to find the sensitive files based on their label and prevent their upload, but this either becomes a blanket policy across ALL SharePoint / OneDrive sites, or only specific folders that I have to manually select. Is there a faster way to assign this to sites based on their classification?
3 Replies
John Hodges I have the same requirement from a customer. I only managed to get this work for browser basedd access. All files with a specific label (Highly Confidential) can be blocked for up/download but only withi browser session because it is a session policy (enforced by conditional access). But it also notofies that this wont work for desktop apps:
But in "Access policies" i cannot filter based on file labels. Are there any plans to support this?
Same here - We are also looking into this use case. Any valuable input appreciated 🙂
Dima DonhinMicrosoft
Hi John,
Currently MCAS doesnt support reading site specific labels.
You need to configure the policy by selecting the sites according to your needs.
Regards,
Dima
